limited python virtual machine (WAS: Another scripting language implemented into Python itself?)

Michael Spencer mahs at telcopartners.com
Tue Jan 25 15:05:53 EST 2005


Steven Bethard wrote:

 >
 > I wish there was a way to, say, exec something with no builtins and
 > with import disabled, so you would have to specify all the available
 > bindings, e.g.:
 >
 >     exec user_code in dict(ClassA=ClassA, ClassB=ClassB)
 >
 > but I suspect that even this wouldn't really solve the problem,
 > because you can do things like:
 >
 > py> class ClassA(object):
 > ...     pass
 > ...
 > py> object, = ClassA.__bases__
 > py> object
 > <type 'object'>
 > py> int = object.__subclasses__()[2]
 > py> int
 > <type 'int'>
 >
 > so you can retrieve a lot of the builtins.  I don't know how to
 > retrieve  __import__ this way, but as soon as you figure that out, you
 > can then do pretty much anything you want to.
 >
 > Steve

Steve

Safe eval recipe posted to cookbook: 
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/364469

Couldn't safe exec be programmed similarly?

'import' and 'from' are syntax, so trivially avoided

Likewise, function calls are easily intercepted

As you say, attribute access to core functions appears to present the challenge. 
It is easy to intercept attribute access, harder to know what's safe.  If there 
were a known set of 'dangerous' objects, e.g., sys, file, os, etc., then these 
could be checked by identity against any attribute returned.

Of course, execution would be painfully slow, due to double interpretation.

Michael
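An added worked example, not from this thread or from the cookbook recipe, written for Python 3: it first shows the attribute walk Steve describes carried through to `__import__` (exec with empty builtins and no import statement), then the two interception points Michael proposes, a source-level check that refuses import statements and dunder names/attributes, and a runtime rewrite of every attribute load into a guarded lookup whose result is compared by identity against a denylist. The `ESCAPE` payload, the `Sample` binding and the `DANGEROUS` tuple are constructed for this example.

```python
import ast
import os
import sys
import types

# Constructed payload (for this example only). No import statement and no
# builtins needed: a tuple literal leads to <class 'object'>, its
# __subclasses__() to a pure-Python class whose __init__ carries a module
# globals dict, and that module's __builtins__ holds __import__.
ESCAPE = """
base = ().__class__.__bases__[0]
imp = None
for cls in base.__subclasses__():
    try:
        b = cls.__init__.__globals__["__builtins__"]
    except:
        continue
    try:
        imp = b["__import__"]        # __builtins__ is a dict in most modules
    except:
        try:
            imp = b.__import__       # ... but the builtins module in __main__
        except:
            continue
    break
escaped = imp("math").pi
"""


def demonstrate_escape():
    """Run the payload with empty builtins; returns math.pi if it got out."""
    ns = {"__builtins__": {}}
    exec(ESCAPE, ns)
    return ns.get("escaped")


# Static check: imports are syntax, dunder access is the door to
# __class__/__bases__/__subclasses__/__globals__, so refuse both up front.
def check_source(src):
    """Return a list of (lineno, reason) the sandbox rejects; [] if clean."""
    problems = []
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            problems.append((node.lineno, "import statement"))
        elif isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            problems.append((node.lineno, "dunder attribute " + node.attr))
        elif isinstance(node, ast.Name) and node.id.startswith("__"):
            problems.append((node.lineno, "dunder name " + node.id))
    return problems


# Runtime check: every attribute load goes through here and the value that
# comes back is compared by identity against known-dangerous objects.
# Illustrative denylist only; a real sandbox needs an allowlist instead.
DANGEROUS = (sys, os, __import__, eval, exec, open, compile,
             getattr, setattr, type)


def _guarded_getattr(obj, name):
    if name.startswith("__"):
        raise PermissionError("attribute %r blocked" % name)
    value = getattr(obj, name)
    for bad in DANGEROUS:
        if value is bad:
            raise PermissionError("attribute %r yields a blocked object" % name)
    if isinstance(value, types.ModuleType):   # never hand back any module
        raise PermissionError("attribute %r yields module %s" % (name, value.__name__))
    return value


class _GuardAttributes(ast.NodeTransformer):
    """Rewrite each attribute load `a.b` into `_guarded_getattr(a, 'b')`."""
    def visit_Attribute(self, node):
        self.generic_visit(node)
        if isinstance(node.ctx, ast.Load):
            call = ast.Call(func=ast.Name(id="_guarded_getattr", ctx=ast.Load()),
                            args=[node.value, ast.Constant(node.attr)], keywords=[])
            return ast.copy_location(call, node)
        return node


def run_sandboxed(src, bindings):
    """exec `src` with no builtins and only `bindings`; returns the namespace."""
    problems = check_source(src)
    if problems:
        raise PermissionError("rejected: %s" % problems)
    tree = ast.fix_missing_locations(_GuardAttributes().visit(ast.parse(src)))
    ns = {"__builtins__": {}, "_guarded_getattr": _guarded_getattr}
    ns.update(bindings)
    exec(compile(tree, "<sandbox>", "exec"), ns)
    return ns


def rejects(src, bindings):
    """True if the sandbox refuses `src`, at check time or at run time."""
    try:
        run_sandboxed(src, bindings)
    except PermissionError:
        return True
    return False


class Sample:
    """Constructed binding handed to the sandbox: one harmless attribute
    and one that leaks a module, which only the runtime guard can catch."""
    value = 21
    leak = sys
```

`demonstrate_escape()` returns `math.pi` even though the code was given `{"__builtins__": {}}`, which is the point of Steve's objection. `run_sandboxed("y = a.value * 2", {"a": Sample})` succeeds, `run_sandboxed("m = a.leak", ...)` passes the static check but is stopped by the identity test at run time, and the payload itself never reaches exec. Two caveats a practitioner should keep in mind: the static check only holds if no bound object exposes a dynamic lookup (`getattr`, `vars`, `operator.attrgetter`), and `str.format` field syntax such as `"{0.__class__}".format(x)` reads attributes without producing an `Attribute` node, so it leaks reprs of exactly the objects the guard hides.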